Will the iPhone be a Security Nightmare?

So here it is, iPhone month. At last. It's been on the mind of many a gadget geek ever since Steve Jobs announced it in January. That's a long time to make us wait, by the way, Steve. But will it be worthy of our expectations? Of course I'm referring here to our security expectations.

We’ve all heard more than enough about the iPhone’s features, revolutionary user interface, and so on, right? Perhaps my optical grep isn’t what it used to be, but I sure don’t recall even seeing the word security in that myriad of coverage about this new must-have gadget. Are we all being drawn into the functional specification trap that so many software developers fall for also? Are we paying too much attention to what this thing does and not enough about what can go wrong? Seems likely to me.

I’ve been an IT junkie for years, ever since building my first Heathkit computer back in college. Like so many of us, I’m irresistibly drawn to new stuff as it hits the markets. In all these years, I can’t remember one single product announcement that has had the same level of buzz as the iPhone does now. That’s likely to be a great thing for Apple’s shareholders, but there’s a side effect to it as well. Along with buzz comes a veritable “kick me” sticker on the iPhone’s back.

Recent Alignment Articles

Spammers Find New Ways Around Filters Vista Exploit Looking For Achilles' Heel Spam Bust: The Lessons of Yesmail Symantec Overhauls System Backup Suite FREE IT Management Newsletters bITa Planet CIO Update Intranet Journal Update Datamation IT Management Careers Datamation IT Management Update Grid Computing Planet HTML E-Security Planet Newsletter E-Security Planet HTML DRM Watch HTML

Oh yes, make no mistake about it. The moment the first iPhone ships off the assembly line, there’ll be a line of people who are going to want to be the first to break it.

But we shouldn’t be concerned, right? After all, the iPhone is built on Apple’s formidable OS X (and thus UNIX) operating system, which is pretty rock solid over all. Isn’t it?

I’m a big believer in UNIX in general, but even I want a solid mechanism for quickly and easily installing security patches and updates as they’re made available. Has there been any mention of an “iPhone Update” icon in all the functional discussions we’ve heard about in the iPhone? I must have missed that discussion.

I do hope, though, that there’s a quick and easy way of installing software updates in the device. Given Apple’s track record, I do expect that to be the case. But will it be opt-in or opt-out? Will it automatically run every night and keep my iPhone up to date with security patches or will I have to connect to some Apple website and download the latest firmware and install it – long the status quo among smart phones from other vendors.

If the latter is the case, how will the users find out about the security patches? From an email sent out by Apple? (I sure hope they digitally sign that email!) From a press release? And then, what percentage of the iPhone users do you think will actually read that email/release and go out and grab the patch? If history serves as an accurate predictor of the future, that percentage won’t be very high.